Cyber Security & You: Vulnerability Exists Between Chair and Keyboard

Software vulnerabilities can manifest themselves in many ways, but typically, they are exploited by abusing software interfaces in ways outside of their designed operation. We try to mitigate against this possibility with techniques such as testing, and peer review, but we still can’t seem to avoid an occasional oversight. The problem with these techniques is that they all require human input to analyze all possible permutations for all possible interfaces and calculate potential risk. This type of calculation sounds like a great task for a computer!

We can help ourselves during our development to make static analysis tools more accurate and relevant to our cause: we can choose the language we develop in, we can subset that language to minimize undefined behaviors which static analysis tools struggle with, and, we can even go so far as to use formal proof methods to guarantee that our software interfaces are designed to handle every possible permutation of threat. This webinar will discuss how these choices of language, and subsets can be used to gain accuracy with static analysis tools by comparing the syntactical and feature differences between the Ada and C languages and their corresponding subsets, SPARK Ada and MISRA C.